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Neal Semikin 


Head of Security & Infrastructure at the Bank of England. 


In a nutshell we... 


Regulate other banks Issue banknotes Set monetary policy Maintain stability 


• Manage the movement of £700,000,000,000 per day. 
e RTGS - International settlements platform. 


e Storing 5,134 tonnes of gold. 
* Approximate value of £174,000,000,000 


* Responsible for tracking 3,600,000,000 Banknotes 
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Technical Vulnerability Management V2.0 


Discovery Vulnerability Policy Continuous 
Scanning Scanning Scanning Monitoring 


. Vulnerability & Intelligence Feed 


GRC 
Reportin 
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- 4,500 Employees 


> 400 Systems 


Many Servers 
per system 


3 ENV per system 


м BANK OF ENGLAND 


BAU Patch Release 


Has a patch 


Good. Patch it! p Validate 


been released. Patch 


5 — 90 days to complete cycle. y 
System dependant. 


Accelerated Patch Release 


Securit 


If so, inform 
System Owner. Validate 


Patch it, quicker! 


Does the threat 
exceed our risk 
tolerance? 


Analyse new 


ерее daily threats. 
t 


Patch 


0 — 5 day to complete 


NCSC - Joint Working Group - Patching publication released = 
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Maintaining Operational Resilience 
in an evolving Cyber Security 
Landscape 


Performing a time sensitive task on mass, 


frequent "PROCESS: accuracy & 
predictability. 


PEOPLE 
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YOU DONT HAVE CONTINUOUS 


VULNERABILITY MONITORING, YOU SAY. 
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Key Capabilities 


у, 


* AssetView (Asset inventory) 


* Vulnerability Management (Identification, Remediation) 


* |OT, Management Network 
* Continuous Monitoring (Cloud agent data collection) 
* ThreatProtect (Instant threat identification) 


* Policy Compliance (Recognised standards and custom builds) 
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Qualys Setup 
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Continuous Security 


Tk real-time agents. 


Onsite instance 
Agent first approach 
Self service portals 


Auto Threat Intel 
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Container Security DASHBOARD ASSETS EVENTS REPORTS CONFIGURATIONS humanname 
— 


Overview Dashboard v 


TOTAL HOSTS 


TOTAL IMAGES 


TOTAL CONTAINERS 


25 5.1K 125 


IMAGES VULNERABILITIES BY SEVS CONTAINERS VULNERABILITIES BY SEVS HOSTS VULNERABILITIES BY SEVS 


Total assets Total assets Total assets 


50 50 50 


239 Ш Sev. 5: 23 w Ш Sev. 5: 23 
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AssetView v Help v David Ferguson ~ 


Intern ~ 


Actions м Add Widget Filter by Asset Tags G 


ASSETS WITH INSTALLED TABLEAU DESKTOP 


vs All Assets 
7370 (2.64%) 


À 0.0% 
Showing last 85 days 17 


TABLEAU USAGE BY VERSION aly] TABLEAU INSTALLATIONS BY VERSION 


Name Software Version Count 


Tableau 10.2 (10200.17.0614.1936) 


10.2.1113 127 


18.1.1413 42 


Tableau 2018.1 (20181.18.0615.1 


Tableau 9.2 (9200.16.0204.1543) 9.2.789 38 | | m 
0 — 


Tableau Server 20182 (20182.18... 2018.2.1 


e 


Tableau Tableau Tablesu T; 
10 2018. 92 


ASSETS WITH INSTALLED MS OFFICE 


5.71K 


HELLO 


my name is 


INTERN 
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Ноте My Network Jobs Messaging 


People v | Connections w | | Locations У | | Current companies w | All Filters 


Yassin Shabir 


Connect 


| 


Darron Gibbard CISM, CISSP 


Chief Technical Security Officer and Managing Director - EMEA North at Qualys Connect 


| 


Ма!да5 Вусепкома5 


| 


Enterprise Technical Account Manager at Qualys Message 


GBD os 


Andreas Wuchner 


Connect 


Group Head IT & Risk Governance at Credit Suiss 
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Notifications 


ARE YOU A BOARD MEMBER? - Search Board Roles, Training & Events On Our Deloitte Award Winning Network Ad -- 


Saved searches 


Create search alert 
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ThreatPROTECT 


Нер~ | David Ferguson ~ 


Dashboard 


Saved Searches + Y 


Feed Assets Configuration 


Search 


Impacted Assets ~ 


HIGH RATED FEED 162 MEDIUM / LOW RATED FEED 17,310 Ў FAVORITES 


Lu August 31, 2018 СЕП um August 31, 2018 


Microsoft Windows Task Scheduler PoC Exploit available for CVE-2018-10900 
Privilege Escalation Vulnerability (Zero... 


СЕП | MEDIUM | August 29, 2018 


[HIGH] August 30, 2018 PoC Exploit available for CVE-2017- 
1000499 


OpenSSH User name Enumeration 
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Technical Vulnerability Management V2.0 


Continuous 


Discovery Vulnerability Policy 
Monitoring 


Scanning Scanning Scanning 


Continuous Monitoring 


Vulnerability & Intelligence Feed 


GRC 
Reportin 
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Reporting 


PROCESS 


TOOLING 


Technology Continuous Invest in 
Enables Improvement People 


PEOPLE 
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NEAL JOHN DAVE 
PANOS DEAN 
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